drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in Drupal
Name: |
Zwei Probleme in Drupal |
|
ID: |
DSA-3897-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian jessie, Debian stretch |
|
Datum: |
Sa, 24. Juni 2017, 10:08 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6922 |
|
Applikationen: |
Drupal |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3897-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 24, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : drupal7 CVE ID : CVE-2015-7943 CVE-2017-6922 Debian Bug : 865498
Two vulnerabilities were discovered in Drupal, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following issues:
CVE-2015-7943
Samuel Mortenson and Pere Orga discovered that the overlay module does not sufficiently validate URLs prior to displaying their contents, leading to an open redirect vulnerability.
More information can be found at https://www.drupal.org/SA-CORE-2015-004
CVE-2017-6922
Greg Knaddison, Mori Sugimoto and iancawthorne discovered that files uploaded by anonymous users into a private file system can be accessed by other anonymous users leading to an access bypass vulnerability.
More information can be found at https://www.drupal.org/SA-CORE-2017-003
For the oldstable distribution (jessie), these problems have been fixed in version 7.32-1+deb8u9.
For the stable distribution (stretch), these problems have been fixed in version 7.52-2+deb9u1. For the stable distribution (stretch), CVE-2015-7943 was already fixed before the initial release.
We recommend that you upgrade your drupal7 packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllN9+FfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RsPw/+OI+sKb7Tug9hTpQSFiBNVkBqUCd3pvBofmVvu+peF/YTIL6iY/b9Gi5o Q86Jzj9Fnnv8rRVgVDuWWsUMi+hOcu8DzUEiEFB181rsU52xJX+CI5jvgjTRqr3R JFC8iGEELc09bUccmfBzujYx7XvUkUrodhjxhdphfi2cLIs9l10RYZGQZMpKTG8A MzC60GUCCWLbn20pvS2FgLPQSbMatS6kfT76xU7v2zpI78UDhuefqD9cFCqMNpA8 7sYyqIp+cLSS4abzfQFPjzbxqrsRlRwyS5WRIbFwxGefBJWDigDEOgwmAvjiHC17 lv6j7dgzdzJaGmsVdGjiKnG8GXMly5Jk7zA+c52LEkm9d5HsYX6mXwF6XLJypQT3 jDBpmBzyuZvBs8fZNNOv2Ym5X81BSDRx4LvFGMrkfrucZ6GEIHtxs4gPN4n/nfy8 +yhWG7tPqhnQQTyEV1aSBK5h0YwEpCkxRNEB4C8MjA69E8AhzEgu8bdiiKnGSjWP lZzkOs1gFgM+J5CR1RdxNWRvuR3Evf3H7QH5aanYAGBlCwG08NoN0DHgmK1NaScK kCD7wOWqe1eZxpjpP9KpZrloOBr1rLl5IDEUffDakNfzXnrFyNEnBth7sCvUimfR ash56i1MHn7n39RflEqZ1cctr/Wf4fnsBcTbVNRTKLSL+GG1hAs= =qpVD -----END PGP SIGNATURE-----
|
|
|
|